Passwordless SSH to ESXi asks for password

s851

Hi.
Problem first: passwordless authentication from TrueNAS Core to an ESXi 7 host requests a password in TrueNAS shell.

I'm trying to shut down an AiO machine consisting of ESXi7, most recent TrueNAS Core and an APC UPS with an NMC2 and followed the guide https://www.truenas.com/community/r...rt-for-single-or-multiple-freenas-servers.30/
Connection to the UPS is working fine (besides the lack of AES support in the driver), but I'm unable to set up passwordless ssh authentication between TrueNAS and the ESXi host it's running on. I've created a keypair using TrueNAS>General>SSH Keypairs and set up a connection under TrueNAS>General>SSH Connections. The correct Remote Host Key is detected automatically. I've copied the public key generated in TrueNAS to my ESXi instance, set up everything there and validated the ESXi config using PuTTY on my workstation, where the passwordless login is working fine.
Unfortunately, when I try to ssh into my ESXi host from TrueNAS>Shell: "ssh root@[ip]" I receive a password prompt which won't work in case of an unattended power failure.

Any ideas why the SSH Connection and SSH Keypair from the TrueNAS GUI seem to be ignored or how I can make it work? I've already read https://www.truenas.com/community/threads/passwordless-ssh-into-solaris-machines.94925/ and https://www.truenas.com/docs/core/tasks/rsync/ but couldn't find the error. User and IP fields of the "SSH Connection" form are identical to the command I'm running from the web shell.

Thank you for any suggestions.
 

Nvious1

Have you tried using the -i parameter on the ssh command? The problem is likely that your generated keys are not using the default names (id_rsa) that will load by default from the ~/.ssh folder. In this case you need to use
Code:
ssh -i /path/to/private/key bob@host
for it to do a proper key exchange.

I don't know where the SSH keypair UI stores those key sets, but what you can do is to download the private key and then go into the shell and go into ~/.ssh and recreate the file in there. Make sure you chmod 600 the key file. Then you can run your command like ssh -i ~/.ssh/my_private_key bob@host and it should work for you.
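
As an added example (not part of the thread and not TrueNAS's own code): one way to keep the downloaded key under a non-default name, as the reply above suggests, and still have a plain ssh call use it without -i, while failing instead of prompting when run unattended. The alias esxi-ups, the file name esxi_shutdown_key and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Installs a private key under a
# non-default name and pins it to one host alias in ssh_config.
# Hypothetical names: esxi-ups, esxi_shutdown_key, 192.0.2.10.

# install_key SRC_KEY SSH_DIR HOST_ALIAS HOSTNAME USER
install_key() {
    src=$1; ssh_dir=$2; host_alias=$3; host=$4; user=$5
    key="$ssh_dir/esxi_shutdown_key"

    # ssh ignores private keys that are readable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    # Copy under a tight umask so the key is never briefly world-readable.
    ( umask 077 && cp "$src" "$key" ) || return 1
    chmod 600 "$key"

    # Append the stanza only once, so re-running the function is harmless.
    if ! grep -qx "Host $host_alias" "$ssh_dir/config" 2>/dev/null; then
        cat >> "$ssh_dir/config" <<EOF
Host $host_alias
    HostName $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
    BatchMode yes
EOF
    fi
    chmod 600 "$ssh_dir/config"
}

# file_mode PATH: print the permission string, e.g. -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

# Typical use (commented out so sourcing this file changes nothing):
#   install_key ./downloaded_private_key "$HOME/.ssh" esxi-ups 192.0.2.10 root
#   ssh esxi-ups        # uses the pinned key; add -v to see which keys are offered
```

IdentitiesOnly limits ssh to the listed key, and BatchMode makes a failed key login exit with an error rather than wait at a password prompt, which is the behaviour an unattended shutdown script needs.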
 

s851

Thank you for your answer. I've already solved the problem in a similar way as you suggest by adding my private key to ~/.ssh/id_rsa manually. Nevertheless, thank you again for your answer.

In my opinion it's very unintuitive to offer a GUI menu to set up keypairs when they are only used for a random subset of TrueNAS functions without any documentation which those are.
 